Google Cloud Storage report download no access-CodePudding

I am running node to download the sales report from google cloud storage. I got the credentials.json file. Now the problem is every time I run my application I get "[email protected]" does not have storage.objects.get access to the Google Cloud Storage object".

Yes, this email is nowhere registered on the google cloud storage or given rights to, but it should work with the credentials alone, no? The credentials are directly from the google cloud storage and have this information : client_secret,project_id,redirect_uri,client_id...

My sample Code:

// Imports the Google Cloud client library.
const {Storage} = require('@google-cloud/storage');



const projectId = 'xxxxxxxxxxxxxxxxxx'
const key = 'credentials.json'
const bucketName = 'pubsite.......'
const destFileName = './test'
const fileName = 'salesreport_2020.zip'

// Creates a client
const storage = new Storage({projectId, key});

async function downloadFile() {
    const options = {
        destination: destFileName,
    };

    // Downloads the file
    await storage.bucket(bucketName).file(fileName).download(options);

    console.log(
        `gs://${bucketName}/${fileName} downloaded to ${destFileName}.`
    );
}

downloadFile().catch(console.error);

CodePudding user response：

Because you are seeing the random gmail address, that likely means the storage client is using Application default credentials instead of the ones you intend. There are two paths forward:

Embrace application default credentials. Remove the options you are passing in to the Storage constructor, and instead set the GOOGLE_APPLICATION_CREDENTIALS environmental variable to you json service account file.
Fix the Storage constructor to pass in credentials properly. The issue may be something as simple as you needing to pass the full path to the credentials file (ie /a/b/c/credentials.json). Possibly the storage options are not being processed right, try being explicit like
```
const storage = new Storage({projectId: 'your-project-id', keyFilename: '/path/to/keyfile.json'});
```

CodePudding user response：

You are using the wrong type of credentials file.

Your code is written to use a service account JSON key file. You mention that the credentials file contains client_secret. That means you are trying to use OAuth 2.0 Client IDs.

Look in the file credentials.json. It should contain "type": "service_account". If you see {"installed": or {"web": at the start of the file, then you have the wrong credentials.

Creating and managing service account keys

Also, you are specifying the parameters wrong in the line:

const storage = new Storage({projectId, key});

Replace with:

const storage = new Storage({projectId: projectId, keyFilename: key});